Implementation at NYSDOT
ENTERPRISE RISK MANAGEMENT BUREAU
NEW YORK STATE DEPARTMENT OF TRANSPORTATION
COSO 2013
Pre- COSO 2013
Self-Assessment Approach for IC Reviews
Improvement Opportunities/ Business Planning
KPMG Overview of COSO 2013 Framework
NYSDOT’s Game Plan
Satisfy Multiple Objectives
• Perform gap analysis: COSO 2013
• Incorporate payment process controls review: OSC Certification
• Implement Internal Control and Risk Database System (ICARDS): DOB Certification
COSO 2013 Gap Analysis
Used tools from KPMG Study Guidance and COSO
Assessed existing IC program
Mapping worksheet comparing IC Review to COSO’s 17 principles
Identified improvement opportunities
Improvement Opportunities
Incorporate COSO 2013 changes into IC Reviews
Modified IC Review form
Expanded questions to align with 17 principles: fraud, system security and data quality
Document Internal Control Improvements
Improvement Opportunities
Policies & Procedures
Separation of Duties
Authorization & Approvals
Verification & Reconciliation
Monitoring
Documentation
Data Quality
Quality Assurance
Develop IC Review – Payment Process
Comprehensive Documentation
NYSDOT Mapping Worksheet
COSO 2013 Compliance
Improvement Opportunities
Improved Risk Management
• Risk form & guidance documents
• Meetings to discuss risks
• Corrective Action Plans
• Enterprise Risk Management Program
• NYS Cyber Security Risk Management Initiative
Improvement Opportunities
Improved QA/QC Program Monitoring
Met w/ managers: document objectives, controls and risks
Annual reports: Improvement recommendations
Facilitated meetings and Action Plans to monitor initiatives
Improvement Opportunities
Implemented ICARDS (database)
• Functions/Objectives
• Risks (program area & enterprise)
• IC Improvements
• CAPs & Status Updates
• QA/QC Program Information
• Tracking of IC Reviews
• Easy Reporting Capabilities
Next Steps 2016 Fraud Risk Assessment Program
• Identify functions in NYSDOT Inventory
• Assess threats and opportunities
• Evaluate controls
• Manage risk
Questions?
Contact Information:
Kimberly Joy Doran
NYS Department of Transportation
Enterprise Risk Management Bureau
(518) 457-1590